You DO realize that there are Rules for Crafting Fake SIN's in SR4, right? Their existence proves your statement to be false.

If it was extremely hard to hack SINs, it would cost a premium to get someone to do it.

Fake SINs as of SR5, are 2500 per rating. Which is, for comparison, the same price as a Rating 4 commlink or just under the book's recommended base reward for a shadowrun (3k + 100 per net hit on a Negotiate test). OR half a month's Middle lifestyle.

So not terribly expensive.

As several people have tried explaining to you multiple times, attaching something is completely different from having a searchable, constantly updated index, much less a publicly searchable one

And again: why does there have to be just one index?

Remember, as of 4.5, you can store the entire Library of Congress in your underpants. Storage memory is no longer a problem, so everybody and their dog can carry the entire Google index with them everywhere they go. And that's still assuming that search engines function exactly the same way in the future they do now-- that's not likely.

There are probably dozens or more search indexes out there. Admittedly, that's kind of true today-- Google is easily the biggest, but Bing and a few others are still out there. I think you were the one who said that memory space was an issue for such an index, but that will not be an issue.

Also, we're both kind of assuming the SR4 devs used the word index appropriately. It could be that since each SIN "indexes" everything, it actually carries every single known link from your SIN everywhere you go, as a database for anyone to look at. Or, it could be they just meant something more like "tagging", which basically identifies each and every thime your SIN is mentioned.


You'd get a lot more. Without invoking your credit report, I can still find your entire employment history and exact position currently (LinkedIn does that), your educational history (what schools you went to and when you graduated), the restaurants you frequent ("liked" on Facebook), the names of all your family members, and your favorite clothes (from searching your pictures). Finally, I can find your current location (Foursquare). So, I can track you to within a few meters.

On top of that, there are sites out there that allow anyone to check your criminal history. So, anyone can find out that you got in trouble for stealing a candy bar when you were six, and Officer Friendly came to give you a lecture. You can run someone's driving report, and locate every traffic or parking ticket they've ever received. If you correlate off that, you can predict roughly where someone will park each day. On top of that, since the future roads use electronic tolling and ticketing, you can track someone's bank account off it-- you basically have to leave a credit card on file to pay to use the roads, so that's traceable as well.

Those are just some basic things you can do today (mostly). And I didn't use the credit report example, which is disturbingly easy to get, and gives a heck of a lot more information.


Who said that it was?

In order for the Shadowrun economy to work, there needs to be a system to share information freely. The notion of hoarding consumer data is silly-- you don't want to make it hard for someone else to buy your products, so it doesn't make sense for them to make it hard to buy yours.

But, we do know that 2070 uses ultra-targeted advertising. Today, people run your credit report all the time, just so they know what credit cards to offer you. Shadowrun is the same way, except more so. So, when you walk into a store, your credit report and transaction history is run. Now, this information is still "protected", in that the store can't actually charge you for anything without your approval. But they can run your balance, and depending on what they find, either start sending you ads for high-ticket items or today's blue-light special.

There *is* security there, and a great deal of it. However, it's almost exclusively focused on transactions-- buying and selling things. That is protected. But in a world without privacy, your information is already out there. That's why it's easier to fake a SIN than hack an existing one.

Interesting idea. So, every time someone logs your SIN, they send you a little notice that they've done so, which you append to a log of SIN checks on your commlink. Then, in addition to broadcasting your SIN, you also broadcast your log of SIN checks, which records every time anyone has ever logged your SIN. I mean, it would work, as an alternative to creating a central database, but how is it better than the central database? At least the central database would be a little more tamper-proof, no?

In any case, since there's no mention of any such system, I'll continue asserting that you've produced no evidence that I'm wrong about my point 3 from post 129. In other words, you've still produced no evidence that there's any easy way to look at a SIN and figure out which databases contain information about that SIN.

Note that if there were, radical honesty would be the rule of the day. ("Hi honey, where have you been?" "Mommy, check his SIN log, he's been at the strip club, again." "Dammit John, we've talked about this!")


Oh? How do you think "tagging" works?


In 2015, if someone participates extensively in social media and sets their privacy settings as public as possible, you can gather a lot of information about them relatively easily. I agree with that.

This is relevant to shadowrunners in 2075 how exactly? Assuming there is something like Facebook and Foursquare in 2075, do you imagine that shadowrunners, or those they normally deal with, will be enthusiastic users of these services?

(A few side points: Foursquare doesn't share real time locations anymore, these services are generally not searchable through public search engines by default, and why would any corp citizen have a "LinkedIn" in 2075? Would Renraku even allow their employees to create one? Seems crazy.)


In 2015, most criminal policing is done by governments. These governments make an ongoing effort to make their activities public (in some ways at least).

In 2075, most criminal policing is done by private corporations. These private corporations explicitly, canonically, refuse to share data with each other. How much data do you think they'll just release to the public? Presumably there will be some public record of felony convictions (one would hope) but for anything less than that, I'm not seeing it.


You don't have to. Today, you make a toll account, then you can pay money into your toll account however you like, then that account is debited when you use a toll road. If you want, you can leave a credit card on file with them, which will be charged to refill your toll account when it gets low, but this is optional.

(This feeds into my broader point that your ideas about payment systems strike me as comprehensively unrealistic. Excessive information sharing is simply not necessary to set up automated payment systems.)


Cite?

At times, the US and the USSR traded grain for oil. How good were they about sharing information with each other freely?


Silly? If I make it easy for you to track the movements of my employees, you will use that information to kidnap them, blackmail them into turning against me, or assassinate them. Again, there is a cost-benefit analysis here. And again, in Shadowrun, from the evidence we have, these cost-benefit analyses have consistently resulted in, "Don't share data, it's not worth the risks."


Ultra-targeted? Can I get a cite on that? I've discussed, in my first post in this thread, how you can do tailored advertising with only my 1 and 2 (from post 129) being true. You don't need 3 and 4 for tailored ads.


Yes, the first statement here is true. Do you have any evidence to support the second statement?

If I'm a Renraku corporate citizen, am I even allowed to get loans from other corps? I would guess not, Renraku wouldn't want them having that leverage over me, would they? (Presumably this is one reason loan sharks do such booming business in 2075.) If Renraku is going to lend me money, do they need a public credit report? Couldn't they just have their staff accountants and psychologists look over my records and decide if loaning me money is a good idea? If Renraku does decide to lend me money, are they going to publish all the details of that little internal transaction for the world to see?

("Hm, several big loans to one of their top-flight engineers, he must be under some kind of stress. Flag him for further surveillance and possible bribery/blackmail.")


You've said this a few times. You've yet to provide any kind of textual evidence that this works they way you think it does. I think you're simply wrong about how this works.

Finally, with regards to lack of privacy, compare these two statements:
I don't have any privacy, Renraku knows absolutely everything about me.
I don't have any privacy, absolutely everyone knows absolutely everything about me.

The first is totally plausible in Shadowrun, it's consistent with existing Shadowrun fiction, and it's totally gameable.
The second is maybe plausible in Shadowrun, it's very inconsistent with existing Shadowrun fiction, and it's pretty much not gameable.

The issue is that many people are claiming that because there isn't one single central database for all you info, SINs cannot work the way I describe. The flaw there is assuming there must be a central database. You don't actually need one for this to work-- in fact, it might be more fitting to the panopticon idea that data is stored and backed up in many places at once.


Honestly, this thread grew so fast, I missed your post. I don't like to go point by point anyway, you're only allowed so many quotes per post. But, if you give me a moment, I believe your claim was:

The first problem is that you're assuming there must be a central database. That isn't the case.

Second, why is that necessary? If you get four hundred and twelve reports saying I bank at Renraku Mutual, does it matter if a few say something different? Remember, there's a huge amount of data on everyone out there, you're going to get a few anomalies. Today, search engines can filter out some anomalies; presumably 2070 AI's can do the same.



Well, remember that in some areas, you literally cannot have your privacy settings that high. You have to broadcast your identity to legally walk down the block, or you could face armed drones-- that's an example in the SR4.5 core book. So, a shadowrunner who wants to appear to be a normal everyday citizen will have to have a fake SIN that's openly broadcasting.

Yes, of course they would! At the very least, everyone would have their resumes posted online, so they could apply for positions within the company. Renraku employs millions upon millions of people, across the entire globe; how else will they pick staff for job openings? And since they use the same Matrix as everyone else to transfer data worldwide, it would be much easier to put this level of information on public nodes. Also, while it might make it easier for others to extract their employees, it also makes it easier for Renraku to extract someone else's employees. Part of the cost of doing business is making tradeoffs.

Quick question: how many people will seek out a totally different bank, just to make a special account for tolls?

Even if people do that (and they don't, people seldom make that many bank accounts today), you're making a huge leap to assume they'll use a different bank. More than likely, if your scenario actually happens on a regular basis, they'll make the other accounts with their regular bank. So, someone who locates your toll account can safely assume that you do all your banking there, and then a few more queries can easily reveal the existence of your other accounts.

On top of that, if you can get more information, you can track the credit card/auto refill account, which would reveal even more.


And the competition makes it easy for you to do the same to them. It's a level playing field, which is the assumption behind much of the shadowrun world, economy, and behind shadowrunning as a profession.

I've cited it before, but sure:


So, tailored advertising is not just a reality, it's commonplace.

Why loans? Let's start with a more common example.

Joe Renraku is on a company-approved field trip to Northgate Mall. He gets hungry, and stops at a Stuffer Shack, and orders a Nuke-it Burrito. Can he do so?

See, there's a few problems. First, I don't recall who owns Stuffer Shack, but I assume it isn't Renraku. So, in order to buy anything off Renraku property, there has to be some communication between Renraku and the Stuffer Shack company.

Even bigger than that? Nuke-It Burritos are one of Aztechnology's flagship brands. So, you can't actually buy one without giving money to one of Renraku's biggest competitors. That gives Aztechnology leverage over them, right?

That's why some sort of mutual communication is necessary for the Shadowrun economy. Even though each mega could issue their own currency, they have to have a medium for exchange between each other, for purchases big and small.


I've provided several, but I have been repeating myself. Here's one from SR5 that I haven't used before.

Because you can't prove one central database, you'll assume there are many? Can you prove those? You've yet to cite a single example of someone entering a SIN into a system and getting back a list of databases that contain that SIN.

I've got SIN 34567890, I want to know where he banks. Where, exactly, do I enter his SIN, and get 412 reports that he banks at Renraku mutual? This is my question. I've never mentioned conflicting reports, I want to know where you're getting this information in the first place.

What does "out there" mean? The fact that Renraku has excellent information on the movements and activities of their employees doesn't help me at all if Renraku refuses to give me that information when I ask, does it?


Ok, these two ideas are different, no?

• This is a high security area, you must broadcast your SIN at all times
• This is a high security area, you must broadcast your SIN at all times. Also, the logs of where you go and what you do while here will be published in real time to the public Matrix for all to see.

The first is something that's been talked about in Shadowrun. Has the second ever been?


Here's an idea. Rather than have their employees post their information somewhere public, instead, you have an internal only system, where Renraku supervisors can query a secure database that records:
- What jobs have been held by someone
- What their performance review scores have been in those jobs
- Notes from evaluations by company psychologists, as to leadership potential and emotional stability
- Scores from various aptitude tests administered at various points in their lives, back to when they were children
- Grades from Renraku and external educational programs, back to when they were children

No privacy. No information sharing. Just how I like it. Everything's locked down, you can only look at information on those of lower rank/grade than yourself. (No looking up information on your bosses, naturally.)

And as to the idea that they would put all this stuff up on "public nodes"? Whoa! What do you mean by "public nodes"? Do you just mean that they are accessible on the Matrix, or that they just let anyone in without any kind of security whatsoever? Because I'm not saying that these employee information databases can't be hacked, just that Renraku would try to make it a pain in the ass to do so.


"Memo: All Staff. We would like all of you to make LinkedIn accounts listing your employment information and qualifications, and set them to public. Yes, this will make many of you juicy targets for "acquisition" by our rivals. However, we hope that our rivals will see this initial act of generosity, and be so moved, that they decide to reciprocate, which will help us in our acquisitions."


When I say a "toll account", I didn't mean a new bank account. I meant an account with the toll processing company. You make this account with them when you get your toll tag transponder. You then pay money into this account however you like. You can go down to their offices and pay in the money in cash, if you like.

(Again, you just consistently have really weird ideas about payment systems.)

And yes, if you hack the toll company's payment servers, and someone chose to associate a credit card with their account, you can get their credit card info this way. Hopefully those servers would have a little security on them, no?



That quote would be super-relevant if anyone were arguing that tailored advertising didn't exist in Shadowrun.

Of course, I haven't noticed anyone arguing that. My position, which has been consistent from my first post in this thread, is that you can do tailored ads just fine with internal, not shared, consumer purchase history databases.


Processing transactions requires communication. How much communication? My position, consistent with what we've seen in the world and several examples I've provided, is that it requires very little. Your position is that it requires everyone to broadcast all their financial information at all times. Your position is simply untenable.



Tailored ads are fine. Look at my post 129. You can do tailored ads with just my 1 and 2, you don't need 3 and 4. You don't need information sharing of any kind.

Right. And thats my problem with SINs. Prior editions had them given out by megacorps of all types, not just nations.

Further still, on checking them, if their issued by corps and well as nations, its not always in the best interest in the corps to cooperate with a rival corp on security checks. Its never in say, Lone Star's best interest to cooperate and help Knight Errant in checking security. Or Horzion vs say Aaztechnology. That seems to be a bit lost here from what I see. Going through the cracks.

I've repeatedly provided the quote that shows that's exactly what a SIN is supposed to do-- it indexes and helps sort and collect information on you.

Second, considering you can do that nowadays by typing your name into Google, I don't think that's a valid argument.


2070 equivalent of Google. Remember, I can get all this information today, it just takes a while and involves some guesswork. A SIN removes a lot of that guesswork, and AI should handle about all the rest.


Quite often in SR4-onward, actually. Here's one from SR4.5:

So, not only is everything recorded and tracked, patterns are analyzed in real time, or at least close enough to send security forces if the computer thinks it's suspicious.


And when you have to work with someone from another corp? That happens all the time, too. Joint ventures are commonplace now, plus the fact that many times corps need to negotiate with each other.

And yes, I mean publicly accessible. They'd place a reasonable amount of security on it, although not super-heavy.


That would also link back to your bank account.

For example, let's say I have my phone bill set to auto pay. I put in my debit card information once, and it's stored securely; anyone looking at my statement would only see that I paid with a card ending in 6969. Of course, sometime's that's enough to track certain information on the card, like the type (Visa/MC/Discover) and sometimes even the bank that issued it.

But, to bring this back to Shadowrun, I'll cite Sr4.5 again:

So, datatrails are real, and that information follows you everywhere your SIN goes.


Straw man, or at least hyperbole.

I never said "all your financial information", I said a SIN makes looking it up very easy. That's very different.

Also, while you keep saying you have examples, I can't seem to find any of your page citations. I might have lost them in this thread, and I don't actually know how to link past posts, so do you mind linking me to the posts with all your page references?


\Not possible.

In order for tailored advertising to be even possible, you need detailed information on people. Like a personal shopping profile, assembled either by computer or by someone. Someone not only needs to track what you've bought in this store before, but what similar items you've bought in the past, so they can push you towards other things. For example, if you have an Android, there's no sense in trying to sell you iPhone accessories.

But, let's try a few more page references. Here's one from SR5:


So, ask yourself: what's required for that computer to target that ad to you?

First, it needs to know you bought a pair like it. You said that the store would track it, and that would be right... except that might not be the same store, or even a related one. So, something is tracking your purchases, and it follows you. Since everything is indexed to your SIN, it has to be tied to that somehow.

The next example is even trickier. Not only does the computer need to know you watched the previous trid, and have that information follow you to every similar theater, it somehow has to know that you liked it. How it does that is a matter of speculation, but more than likely it's by correlating other information-- how many social media posts you made about it, if you saw it more than once, that sort of thing. Today, that requires guesswork and a fine hand with data analysis; but in 2070, it'r a routine part of going to the mall.

Cheap attempt at sidetracking. The discussion is about your claim that there is a magical database which indexes every file and database containing a SIN. Whether there is just one copy of that magical DB or 50 is completely immaterial to the discussion


So after insisting that you are only preaching the literal gospel for five pages or so, you are now doubling down to "well, you can't disprove that maybe what the authors really meant -- although they didn't write it -- is what I want it to mean"

I'd say it looks like you realized that your position has become untenable, but instead of doing the smart thing and simply letting the issue rest, you're trying to derail the discussion away from your failed claims...

Yup. My point 2 from post 129. Not a point of disagreement.


Well, as I've tried to explain a couple times, Google isn't magic. They crawl the public parts of the web and index what they find. For you to say that something should be Google-able in 2075, you need to make the case that it will be recorded somewhere in a public part of the web. (Public here means open access with no security, just for clarity.)

So, where is there a public database that records all the bank accounts associated with each SIN? If there is no such database, you can't get this information with the equivalent of a Google search. (Note that today, you can't Google my name and get information about who I bank with.)


Yeah... That quote doesn't actually say that everything that's recorded is then shared with the general public, does it? I mean, if they detect a gunshot or a mob they call the cops, but that's totally different from saying that anyone who wants to is allowed to look through the cameras or listen in on the mics.


If necessary, limited access to the secure corp database can be granted on a case-by-case basis. Why throw the baby out with the bathwater? "Sometimes we might need to share some information? What the hell, that sounds hard, let's just openly publish all information all the time."


Ok, to me, these two statements contradict each other. What does it mean to have a publicly accessible database that has security on it? If I want to look at your employment records, am I allowed to, or not?


Not if I paid in cash, which is an option in 2015 (though, to be fair, perhaps not in 2075). If they hack the toll company, they can figure out how I paid, which might (possibly after a couple more hops) link to my bank account, that's true. This is not the same as saying that that information is easily accessible, or Google-able.


No one has a problem with your bank keeping a record of your transactions. That seems eminently reasonable, I'd be shocked if they didn't. Not really relevant to our conversation I don't think?


Ok, here's what you said in post 49: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."

My position is that you're wrong about this, and none of this stuff is necessary to set up the kinds of payment systems we see in Shadowrun.



Oh, I'm not citing to any pages in Shadowrun books, but, since all of your cites support my position at least as well as they support yours, I don't know that I really need to.

All I do is write up examples of non-crazy payment systems that are consistent with Shadowrun fiction and don't require your over-the-top information sharing. You can see my examples in post 100 (how to do Magic Fridge, tailored ads, walk in-walk out purchases), post 146 (how to run transactions generally), and post 155 (how toll roads work now).


Not possible? How about I explain some ways the system could work under my assumptions, then you try to tell me why the system couldn't work that way?

I explained tailored ads in my post 100. You claimed that my system wouldn't work, because obviously, Payless has to know what I've bought at Foot Locker. I asked a few times why you think that must be the case, you haven't given me an answer. Maybe I only get tailored ads from Foot Locker, but not from Payless? Is that inconsistent with the quote you've provided? Did it say that literally every single store has to be able to serve me tailored ads? (Even if every single store does want to serve me tailored ads, maybe they do it by just looking at my feet and giving me ads for similar shoes to whatever I'm currently wearing.)

Actually, working from that quote specifically, the ads don't have to be targeted by the stores at all. Maybe I have a "DealFinder" app on my commlink configured to record everything I buy. This information is then stored (relatively) securely and privately. My "DealFinder" app continually scans general offers posted by nearby stores, looking for deals on consumer products similar to what I've purchased in the past, and it notifies me about good finds. Bam, targeted ads without any store-side targeting.

The movie example could work similarly. Every time I watch a movie or a show, I rate it in "MediaRecommender", a local app on my commlink. This information is then stored (relatively) securely and privately. MediaRecommender then tells me about other shows and movies I might like, based on my taste profile. It also monitors what movies are playing at nearby theaters, and if it sees something it thinks I'll like (or knows that I rated highly) it points it out as described in the quote.

Actually, looking at the whole quote again, the first part seems really strongly consistent with my DealFinder and MediaRecommender ideas. They don't talk about the stores sending out super targeted info, they talk about the stores sending out general info about sales and movie times. Looks like me and the devs are on the same wavelength

I can comment on this one, at least...

Tolls in Colorado do not require any accounts whatsoever, whether Credit Card, or prepaid toll account (though you CAN choose to do so if you want).
IF I take a toll-road (and there are a few here), I receive a bill at the end of the month. This bill is attached to the License Plate of my Vehicle that is scanned. Since I have to have my car registered, they have my address, and then they send me a bill. There is absolutely no bank information transferred at the time of usage to legitimize this access of the toll road.

As for Data that is Public vs. Private, I am willing to bet that the amount of information that is private is far more than you are willing to believe. Case in point, I believe you mentioned LinkedIn. Well, that only gives hits if you actually have information on that service. Many don't. I know I don't. I just checked it... Of the 23 INTERNATIONAL Profiles that come up under my name, NONE of them are mine. So, even after 20 years in the same multinational company, I still do not show up on that search for that provider. Methinks that things are not like you believe.

Does this lead anywhere?

Well, I appreciate Cain's work assembling all these quotes about tailored ads and automated purchases and data trails and so on.

And, this thread is forcing me to think more carefully through how exactly payment systems etc. could work in the Shadowrun universe.

Finally, I'm getting some genuinely new ideas out of the exercise. My DealFinder and MediaRecommender apps are neat little bits of setting detail that I didn't have before this morning, for instance.

Ok, cool then.

First problem: there doesn't need to be "a" database. Today, people are perfectly capable of searching dozens of places and finding tons of information. It's time consuming, but since the SIN's stated purpose is to make this easier, that alone means it's not as hard as today.

Second, you don't need to find the bank accounts, at least not right at first. All you have to do is find a link that hints that they have an account with Renraku Mutual on the web. From there, you can send a query, and then confirm if they do have an account. More digging will eventually reveal their account number-- admittedly a little harder, but doable today.

Third, I've already listed several semi-public databases that carry all your bank accounts. In 2015, the big ones are called Experian, Trans-Union, and Equifax. Technically they're not public, but they're really really easy to access. (Harder to alter, though.) There's a ton of information on everyone there, and this information is basically shared freely by corporations today.

Fourth, Social Security Numbers and other sensitive information can be found by Google today. Okay, that was four years ago, but I don't see that it would be any different in 2070.



Ok, I'm going to try the credit report example again.

If you had a few pieces of key information on me, you could easily look at my credit report. From there,you could know or infer a great deal about me, and if you had enough time and resources, you could track down a lot more, by using what you learn as keywords and confirming data. So, the credit report is effectively "publicly accessible", in that it's not hard to look at. Same thing for my driving record, etc.

But, let's say some hacker wants to pull a prank on me, and tank my credit rating. Now, he's going to run into problems. Even though he can *look* at the data more-or-less freely, if he tries to change anything, he'll have to deal with some really nasty security plus multiple backups spread out over many different servers (and three AA megas).

Or, another example: your driving record is considered public information. Theoretically, anyone can look at it and see that they got a speeding ticket four years ago. However, even though they can see the ticket easily, trying to delete it from the system is a lot harder.

That's what I mean. Even though information is easy to look at, changing it or manipulating it is much harder.


Not today, no. But we're postulating 2070. With SINs, we know that all the information is linked together, and made easy for collection. So, that alone makes it easier. When you consider the rest of the technology increases, it becomes simple.


Isn't that exactly what SR5 says a SIN does?

My answer would have been "no." But that's why I stopped replying to anything [redacted clause].

Wait, I'm confused. We're talking here about what is accessible to search engines, right? Could you explain what you're getting at with this statement?


Whoa, not so fast there. SINs are better than names. That is not the same as saying that overall public search is better/more comprehensive in 2075 compared to 2015.

I mean, just looking at all the nifty stuff in the vehicles section of the Gear chapter, you might think that getting from Austin to San Antonio is a lot easier in 2075 than in 2015. But when you take into account the broader context (and new international borders) that isn't really the case, is it?

In much the same way that political balkanization makes some things harder in the physical world, organizational balkanization can do the same thing in the digital world.


Ok, so, if I'm understanding you correctly, the idea is that I Google your name, and I find a link that hints at who you bank with. What is this link that I find?


Whoa, how does this work? I just call up the bank and ask? Or, is this a "hack into the bank's servers" situation?


If I hack into the bank's servers, sure. How else do I get this info?


I don't even know if "credit reports" will be a thing in 2075, at least not for corporate citizens. Assuming they do exist, we have no idea how hard they'll be to access. Even if they do exist and they're easy to access, we have no idea what's going to be in them. So, forgive me if I'm a bit dubious when you assert so confidently what banking information exactly will be easy to get ahold of in 2075, based on your vague ideas about credit reports.


It's really easy to stop Google from crawling things you don't want them to index. Very rarely, website administrators mess up, and allow Google to crawl something that should never have been publicly accessible in the first place. It's... not exactly something you can rely on.


Ok, that makes sense. Everyone is allowed to read it, but only some are allowed to edit.

But, why would Renraku make their internal employee database publicly accessible for everyone to read? It just doesn't make sense to me.


You're postulating a search engine that uses crawlers that break into secure systems, index what they find there, and then add that data to a publicly accessible index. Such a thing is, I suppose, conceivable. It seems very unlikely, and without something more than your bare assertion, I don't see any reason to think that it is the norm in 2075.

Easy. A modern search engine has its own database, right? Updated constantly, but basically it runs on its own?

We're spoiled by Google, but there are far more search engines out there today. Each of them has their own database, and there are some search engines that basically just feed your keywords into all of them.

So, there is not likely to be one central database for every search engine in the world. There's probably billions of databases that network with each other, and cross-reference. Given that memory is unlimited, it's possible that each and every node and commlink has the equivalent of the entire Google engine contained within-- plus Bing, Yahoo, and who knows how many others.


The whole point of SINs is to index, link, and correlate data on you. So, if it can't do better than today, what's the point?

Let's go back to that quote again:


So, the listed purpose of the SIN, as of SR5, is to make it easy to track all your information. Thus, it *has* to be able to do better than we do today.


Today? There's a couple of ways. The first is, of course, your credit report. Another is any bill you've paid online. On the statement for my phone bill, they list the last four numbers of the debit card I used. That's not enough to hack my card, but it is enough to tell certain things: if it's a Visa, Master Card, or American Express, for starters. A little more digging can reveal what bank issued it. Also, you can track your spam-- if you're getting a ton of banking services offers from the same bank, that's a place to start looking.


Pretty much. Technically, some of it is social engineering, but you can just say: "I'm doing a background check on so-and-so. He said he had an account here, could you confirm that?" Since you're not asking for balances or other information, people are more likely to say yes. In Shadowrun, that would be handled by an automated system; and the SIm would make confirmation much easier.


It's harder today, but possible. Unfortunately, the Dumpshock mods frown on discussion of actual hacking techniques, so I have to stop here.

In 2070? Much much easier.

I'm using credit reports as an example of what's out there today. In Shadowrun, *everything* is out there. Every last transaction, every single thing you ever bought, was recorded and tracked somewhere. There is a "staggering" amount of information on every person, every day. So, to answer your question: all the information that goes into a credit report, plus lots more, is sitting on the Matrix somewhere in 2070.

Your next question is rather or not that data is sorted and collected somewhere, or at least organized in a fashion that makes it easy to sort. Well, that's what a SIN is for, so that answer is a yes as well.

The next question is, how easy are they to access? A great deal of it is a result of social media, and that's generally public or easy to access. The semi-private stuff can be fooled by pretending to be someone mildly authorized to look at it. Today, there are services that, for a small fee, basically look up stuff for you while using important-sounding URL's to convince people they're a legit entity. As long as they're only looking, and not actually trying to alter anything, security won't go off on them.

Does that answer your questions?


Some of the incidents in the article are a result of Google changing their search parameters. They don't tell people that sort of thing now, so I doubt that the zillions of search engines in 2070 would tell them.


Weren't you the one who referred to the Corporate Court earlier? There is something called the Business Accords, which includes standards for information sharing.

Beyond the fact that it's financially beneficial, it might be corp law.


Not at all.

The example was tracking you via paying a toll on the road. Grid Guide is technically secure, but it's also not hard to track people using it-- there's countless examples of that in Shadowrun fiction and adventures. Not to mention, if the toll is operated by a government, it's probably part of the public record, and anyone can look for it. I look, and see that John Smith paid his toll with account X. I can't [yet] tell exactly what account it is, but there's routing information-- information that tells the computer which bank was used. Add a SIN to this, and tracking that bank is really easy. You don't need to break into a secure anything.

As for adding it to a publicly accessible index? Let me repeat part of the earlier quote:


I don't need to add it to anything. The SIN does that for me. It'd be like how your computer sorts things alphabetically: it'll automatically sort information by SIN.

Oh, you meant multiple different search engines? I'm not sure how much that gets you, really.

Bing crawls basically the same stuff as Google, it just ranks relevance in a slightly different way. Yahoo isn't even really its own search engine, their back end is just Bing.

You can speculate that 2075 has lots of search engines that operate in very different ways, but this is mere speculation, and I think we can draw no useful conclusions about the kinds of things that might be gained by having these many (hypothetically different) search engines. People in 2075 probably assume that if something is visible to the general public, it gets crawled and indexed; the details of how exactly this happens don't seem terribly important.


Nah, the second statement here doesn't follow from the first, you're missing a ceteris paribus. Did you not like my Austin to San Antonio explanation? I thought it was pretty nice. How about another one?

In 2075, technology to detect and shield against harmful radiation is much better than what we have in 2015. Thus, it *has* to be the case that the average citizen in 2075 is exposed to much less harmful radiation than we are today.

See the flaw there?


A Google search is going to turn these things up?

No search engine that we've ever seen is going to have its web crawlers hack into secure servers (or engage in social engineering) to get data to incorporate into its public index. 2075 is different, sure, but this idea in particular strikes me as nonsensical in just about any context. This is something a neo-anarchist might attempt, but a megacorp? If you release an army of bots to do this, you're basically engaging in open war on the Matrix.


Big picture, let's try to separate a couple of distinct threads:
A. Given time and effort, and willingness to take serious risks and engage in illegal activities, a hacker can gather a great deal of information about you once they have your SIN. (No one objects to this idea.)

B. You in post 49: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."

If you want to defend B, you can't use arguments that merely defend A. Or, do you now feel that what you said in post 49 was mistaken?

As I recall, your ideas in that post were motivated by the underlying belief that this kind of information sharing is necessary to set up the payment systems we see in Shadowrun. Since I've now demonstrated that you were mistaken in this underlying belief, do you now feel less confident about your position in that post?


Yep, no disagreement here.


See above for my thoughts on this argument.


Social media stuff will be easy to access, and "semi-private stuff" won't be too hard to access? That statement strikes me as very nearly tautological.

In 2075, what information is going to be considered "semi-private"? How "semi" is the privacy involved in each case? These are the actually interesting questions, and you and I answer them very differently. If you want to be persuasive, you need to produce evidence or argument relevant to this particular inquiry.


I haven't mentioned the Corporate Court, no. I know nothing about any information sharing provisions in the Business Accords. If you have any quotes or bits of explanatory text on what's contained in them, that could be very enlightening!


Oh! This could also be very on point. Do you have quotes where people do this kind of thing? And here's the key question: When people want to access GridGuide information to track someone, do they have to hack into the GridGuide servers, or, are everyone's movements just publicly listed on the GridGuide page?


Ok, 2 things here. That first statement, about toll road users bank account information being in the public record, just isn't true. Second, do you really think governments are going to be operating tolling systems in 2075?


So, there are different ways you can interpret that quote. As far as I can tell, it supports my position, point 2 from post 129, but it doesn't really help answer the question posed in point 3.

You, apparently, disagree. I'm not sure why you think the way you do, but I can tell you that merely reposting the quote isn't going to do anything to convince me of your position. I assure you, I have read it, and thought about it carefully.

Not much, admittedly, but I want to kill the silly "One Database to Rule them All" concept.

For a SIN to work, we don't need to cross reference one single database. We could have one main one, or two, or twelve hundred. There's no need for one central index.


Point one: Honestly, I can't recall what that example is. This thread is far too long for that.

Point two: Non sequitur. The whole purpose of a SIN is to track, index, etc. all the data on you. The fluff even lists specific examples of how it works, and what it does. The descriptions are better than what a 2015 search engine can provide, and while they don't describe the upper limit, we do know there's lots more information out there in 2070 (a "staggering" amount on you is generated each day) and that it is organized efficiently.


Some of that will show up on a Google search. It's not impossible for a Google hacker to get social security numbers, for example. Your credit report itself won't turn up on a Google search, but legitimate places who can check it for you will. Tracking your statements, in 2015, does require social engineering; but not so much in 2070, where it requires permission. Once you have that? The rest of the data is just a matter of making educated guesses, at least today-- a SIN makes that easier, because there's a a unique link between all your data.


I have no idea how you connected the two, but I'll try and clarify.

Today, anyone willing to spend the effort (note: not take risks) can gather a great deal of information about you given a small amount of information. That's true, and I don't see anyone arguing with that. This is also true in 2070, only easier. All the information I listed that a SIN gives you in 2070, can be acquired on you today, *without* using a SIN.

That's what I'm basing all this on. Anyone who knows a few key things about me can not only steal my information, but sometimes even hack my identity. Yes, I've had it happen. I managed to keep their hands off my bank accounts-- they weren't able to spend my money-- but in order to keep them from reading my bank statements, I ultimately ended up changing banks.


The logic here is that post-Crash 2.0, the Shadowrun world went to a panopticon model, which means privacy is a thing of the past. All your information is out there and can be accessed under the right conditions, and the bar for entry is pretty low.

Now, I wasn't clear on this point before, and it caused a miscommunication: this is only the bar to view your information. Altering or editing that data is much harder. Any store can look at your bank balance, and target an ad to you based on that. They can't spend your money without your permission, though (although in some cases getting that permission can be too easy. Some stores don't ask to charge you, they assume if you walk out with something, that's permission enough to bill you).

It goes all the way back to SR1. The precise provisions are scattered all over the fiction and fluff, but among the things I know are in there is setting the global currency standard (nuyen) and mandating participation in the global SIN registry. Both of those were done as a direct result of the corporate court. There's also a minimum standard listed for information sharing, although they're vague on exactly what that is. If you're arguing that corps would share the dead minimum they can get away with, I'd agree; but I also think that unless you're fairly important to your corp, they're not going to go out of their way to maintain your privacy either.


Again, there are references to people doing just that all the way back in Sr1 fiction. It used to require a hack, but as of SR4, it's just part of your datatrail. Tracking down the exact page references was annoying, but the fact that Grid Guild records your access ID (and thus, your location) is in Arsenal; the fact that your datatrail can easily be used to find you is in SR4.5.


Bank account information most certainly will be. Going back to Sr3, the Grid Guide description made it clear that toll roads, parking meters, and even traffic tickets are automated: if you use any of them, they automatically charge you. You might argue that you can set up a separate account, which is technically true, but the money for that has to come from somewhere. As of 2070, certified cred is seldom used outside the shadows, so for the most part the toll accounts will be fed by your real accounts. You might be able to legally get away with using certified cred, but that'd be suspicious, and the whole point of using certified cred is to avoid attention.

Second: Absolutely. Bridges and roads-- all infrastructure, really-- is not highly profitable. All over the fiction is many examples of how the megas don't want to bother with these things, so they get governments to pay for it. In fact, some early (and not so early) shadowtalkers say this is the very reason why the Corporate Court lets national governments exist, it's more cost effective for them.



Okay, I might be misunderstanding your point. Your point 3 is that a SIN might not list specifically which databases hold your information. I'm not sure how that applies, because we do know (from the quote) that the SIN sorts your information. There does not need to be a central database, especially since Matrix 2.0 has automated search agents who can check hundreds of databases for you, and then sort that info, all in a few seconds.

I keep getting hung up here, because I thought I was being clear that you don't need one central database, and I thought I had explained it. We keep coming back to this point, which is confusing me. I think you agree that one single central database isn't needed, but you keep linking a statement that calls for it. Could I ask you to restate your point? I'm rather confused.

The whole purpose of a respirator is to clean the air you breathe, so it *has* to be the case that people are exposed to less atmospheric pollution in 2075 than they are today.
The whole purpose of mana barriers is to prevent intrusion by spirits, so it *has* to be the case that there are fewer problems with spiritual intruders in 2075 than there are today.

See, the second part, it doesn't follow from the first part. Any given piece of technology might help deal with some problem, but without addressing the wider context, you can't say whether the problem as a whole will be worse or better in 2075.

SINs help index data on people. 2075 has SINs. That doesn't mean that finding publicly available data on people is easier in 2075 than it is now. It also doesn't mean that getting access to secured data on people is easier in 2075 than it is now.

All of my posts in this thread have listed reasons why publicly available data might be lower quality and less comprehensive in 2075 than in 2015. (Quick recap: governments do much less, megas hate each other, megas hate publicly available resources that make people less dependent on them, megas are very possessive and controlling with their employees)

Secured data might be harder to get access to as well, if companies in 2075 are better about securing it. (Which they very well might be, since the rules and the stakes of the game have changed dramatically, and they now exist in perpetual Cold War conditions.)


So, when you said that a Google search could give you information about where someone banks, what you meant is that Google will point you to sites that allow you to check credit reports? You seem very hung up on credit reports. Do keep in mind that we don't know whether credit reports actually exist in 2075, we don't know what might be contained in them, and we don't know how hard they might be to access.


Is this based on anything? What does "requires permission" mean exactly?


That last sentence, how do you know that?


Identity theft is possible in 2015, yes.

I just don't understand how you go from that to: "By providing your SIN, you don't just give someone your address and phone number, you give them your entire credit history, every legal transaction you've ever done, all your medical records, the works." and "Anyway, not only does a SIN link to all your information, in some cases it's all you need to access that information (or money)."


"and the bar for entry is pretty low." -> Is it? Why do you think this is the case? This is the entire thrust of my question, so maybe spend a little more time on this idea.

Lots of information is "out there", sure. Look at my post 158 for my thoughts on "out there".


Why do you think this is the case?


I don't know much about SR4 or SR4.5, perhaps you could explain this "datatrail" to me? This is just publicly available data, that everyone is allowed to see and access?


I'm sorry, I've read this paragraph a couple times, I'm just not sure how any of it is responding to the section of my post that you quoted.

Again, you believe that bank account information for toll road users is currently a matter of public record, and as a result, it will likely also be in the public record (and easily accessible) in 2075?


For sure. Point 3 from my post 129 posits a publicly available central indexing database, where anyone who wants to can enter a SIN and get back a list of other databases that contain that SIN. So, for instance, I could go to this database and enter "SIN 34567890", and I would get back a list of 1517 databases that contain that SIN, including, among many others, the customer information database of the sex shop that 34567890 visited this morning, the database of the elementary school his daughter attends, and the database of his gastroenterologist. I suggest that some indexing database along these lines must exist in order for your position (as you articulated it in post 49) to be true.

You suggest that maybe there is no single central databases, but rather, lots of different databases that each have some part of this functionality. So, if I understand you correctly:

I could go to Indexing Database A, and enter "SIN 34567890" and I might get back a list of 312 databases that contain that SIN, including the customer information database of the sex shop.

I could then go to Indexing Database B, and enter "SIN 34567890" and I might get back a list of 753 databases that contain that SIN, including the database of the elementary school his daughter attends.

I could then go to Indexing Database C, and enter "SIN 34567890" and I might get back a list of 452 databases that contain that SIN, including the database of this guy's gastroenterologist.

Am I right, that this is what you mean when you suggest multiple different indexing databases, rather than one central indexing database?

If I am correctly understanding you, I agree that this would also make possible the situation you envision in post 49, I just don't see how your idea is meaningfully different from my point 3. There is no suggestion in the text of any kind of central indexing database. Similarly, there is no suggestion of any Indexing Database A, B, or C.

I thought this deserved a separate post.

You read an example in a SR book where someone walks into a store, picks up a book, and walks out with it, paying automatically.

Thinking about this example, you created a mental model of how this might work. Here's my best guess as to your mental model:
A. When you walk into the store, you are broadcasting your SIN
B. The store records this SIN, and looks up information on you based on your SIN, including bank account information
C. When you walk out with the book, the store contacts your bank, tells them your SIN, and withdraws money to pay for the book from your account

Based on this mental model, you concluded:
I. Given only a SIN, it must be possible to get access to someone's bank account information. So, there must be some public database linking SINs to bank accounts. Otherwise, how would the store do it?
II. Given only a SIN, it must be possible to withdraw (small amounts of) money from someone's bank account. Otherwise, how would the store do it?


By contrast, here's the mental model I've formed thinking about the same example:
A. At some point in the past, you installed the "Grab&Go" app on your commlink, in the process, you created a Grab&Go account. (This is like a PayPal account)
B. At some point after that, you transferred some money from your regular bank account to your new Grab&Go account.
C. As long as you have the app loaded, whenever you walk into a Grab&Go enabled store, your commlink handshakes with the store's transaction server.
D. When you pick up the book, your Grab&Go app updates your digital "shopping cart", which lets you know all that you're carrying and will be charged for if you walk out of the store.
E. As you walk out the door with the book, your Grab&Go app transfers payment for the book to the store's transaction server. (If your app failed to pay the store would automatically call security, naturally.)

Based on my mental model (which feels much more plausible to me) I don't see any reason to believe your conclusions I and II.

I gave you a similar explanation for tailored ads in my post 162. I gave some ideas along these lines in my first post in this thread, post 100.

Now, do you see why I'm so dubious when you make claims about what exactly a SIN *must* give you access to?

Fair enough, but the fluff in Shadowrun does not support that view. The assumption I get is that everyone's data is out there, and you can be sorted and tracked every moment of every day. Every example I've seen makes the claim that you are not just tracked, but tracked easily.


What I mean is, right now, someone could use Google to track down a lot of information on me; and then from there, direct queries to find out the rest.

As for credit reports, they're just one example of the sort of thing that can be collected on you, right now. It's all basically public information. The scary part is that in 2070, there will be many times more information out there. So, even if there isn't a single group collating all this data, having your SIN attached to it will ease the collating process.


Because you do. If you walk into a store, they run your SIN, and know the right financials. If you go to a doctor or are picked up by an ambulance, they scan your SIN and can access your entire medical history. If you walk into a secure area, your SIN is run and if they don't like you, they might keep a sharper lookout on you, or even deny you entrance.


Somewhat more than that. Basically, it's all the data you generate each day. It can be used to track you, in real time if need be. And in 4.5, anyone with security or admin access can see your datatrail, if you are in a node they control.

Absolutely.

Progress!

Now, moving on, you put forward the argument that I'm mistaken, and in Shadowrun, it simply is the case that a great deal of information about people is publicly accessible and easy for anyone to get at.

I'm sorry to do this, but I'm afraid I'm going to have to ask you if you could provide citations to support that view. I haven't read as much Shadowrun material as you have, I'm sure, but in my reading, I did not get the same impression that you did. From what I've read, while there is a great deal of data "out there", the people who have that data guard it jealously.

So, while Renraku might have excellent data on your movements and activities inside their arcology this morning, if I'm just John Q. Hacker, and I'm looking at you sitting in a coffee shop on the other side of town in the afternoon, there's no easy¹ way for me to know that you were even inside the arcology earlier, and there's no easy² way for me to know where you went or what you did while you were there.

If you could provide textual evidence that I'm wrong about this, that would be awesome.


Citations on any of these three things would be great, if you've got them.

If, instead, you believe these things merely because of your mental model for how things *must* work in the Shadowrun universe, please see my post 175.

With regards to medical history, here's how I think things might work:
I walk into the office of my doctor, Dr. Gore, that I've seen for twenty years. This is in a secured neighborhood, so I'm broadcasting my SIN when I walk in the door. The receptionist does a query on my SIN in Dr. Gore's internal (somewhat secure) database, and brings up all my records.

I sign up for a contract with DocWagon. When I do, I tell them that my primary doctor is Dr. Gore, I give them his contact info. I also inform Dr. Gore that I've signed up for this contract, and I approve him forwarding my records to DocWagon when/if needed. I get shot in Seattle, as one does, and DocWagon shows up. They scan my SIN and bring up a copy of my medical records.

I'm in Aztlan, visiting an Aztechnology facility or something, and I have a heart attack. Paramedics are called (this is Aztlan, so they aren't DocWagon). When they arrive, they can scan my SIN, but unless I tell them about Dr. Gore, or have some kind of dead-man's switch on my commlink to unlock the copy of my medical records I might keep stored on there, they aren't going to have any idea about my medical history.


I'm a bit confused. If a datatrail is really just a word for "all the data you generate each day", then it seems strange to me that an admin of whatever node I just walked into can see it. Suppose a local Mafia capo updated his entry on me on his commlink this morning, after I repaid a gambling debt. Then I walk into an MCT "node" controlled by an MCT admin. Can this MCT admin see that I'm now all paid up? Seems implausible.

Perhaps you could provide some quotes from 4.5 that explain how this is supposed to work?


Since governments play a much smaller role in the economy of 2075, this point is mostly moot, but if you're interested in knowing more about matters of public record, perhaps I can enlighten you.

Matters of public record include things like births, deaths, marriages, and records of court proceedings. They do not include the details every transaction that anyone engages in with a governmental or government-owned entity.

When I pay my bill to a city owned electric utility, the details of that transaction are not published and placed in the Hall of Records for anyone to peruse at their leisure. Similarly, you cannot look at what tolls I've paid, or where/when I've paid for parking, or what I bought for lunch at the cafeteria down at the courthouse that day I had jury duty. (By contrast, the fact that I served on a jury is often a matter of public record, as is the transcript from the jury selection hearing where I was chosen.)

----------------------------------------
1. Hopefully this is a high security area, and this guy is broadcasting his SIN. If so, I hack into the GridGuide servers and look at the record of his movements for the day. If he didn't use GridGuide, I try to hack into servers of various transit providers, hoping that they might have recorded his trips. Alternatively, I could hack into this guys commlink, and hope that it has some record of what he did stored on it.

2. I've got to get into whatever Renraku hosts recorded the data. Not a pleasant prospect.

And off for another round in the "nah nah nah, I'm not listening" cycle...

Also the thing people dance around is data balkanization, that is one of the challenges of the SIN system. Suppose Bubba the love troll got out of Prison in the emerald city. He was previously sinless until his run in with the law, and now has a criminal sin. His biometric data is attached to not only Lonse Star who ran the prison, but KE (who arrested him and assigned him the sin), and the UCAS government (since it was under their contract). On his first day out he goes and buys a burger at McHugh's. McHughes now have a record of that transaction and that sin. Also, Bubba's bank has a record of that transaction. THat bank account is associated with his criminal sin (Provided by MOM's get them back to work campaign). So long as he uses that sin, it will track his daily activities. The bank can be asked by KE or UCAS authorities to to provide his financial records to boot. Being that Bubba's on parole (for life), the bank must comply and Bubba can't say no. Now suppose he goes through the Aztech Pyramid, it will be noted when goes through the door, but what he does there (unless he buys something which hits his bank account) would be recorded by Aztechnology but wouldn't be readily shared with KE, the UCAS government (unless asked, but even then).

Now let's say bubba gets a fake sin and lets his criminal sin go unused. The fake sin involves him getting into the database his descriptors (age, sex, height, hair color, eye color), as well as other information such as his name Eddie McLovin, data of birth, location (Kingdom of Hawaii). It also includes the activity up to that point. Such as previous addresses, where he went to college, etc. etc. This is where the rating of the sin comes into play. The higher the rating, the more databases have been changed that when cross checked against. Problems arise when the sin says he graduated from MIT, but when quiered the MIT student records show that the student does not exist. How thourough a check is made is dependent on the rating of the scanner, and the level of suspicion the Bubba (aka Eddie McLovin) is under. Rating 1 is the bare minimum (probably just checks to see if the SIN and Bank account information match), higher ratings check more items that might expose the fake ID. A rating 6 would basically amount to background check, that included biometric data. As long as the ID is used there is a chance they might get exposed as fradulent.

Now redjacks idea on a stolen ID is a different issue entirely. THey would not hold up to close scruitny as the minute it checks against the system it would see desrepancies. A rating 1 scanner would let it pass, rating 2 or higher would probably flag it quickly.

To me in SR universe it is easier to fake a sin than use a stolen one for just that reason. To get any useful shelf life out of a stolen one you'd need to change many more databases than you'd need to create an equivilent fake one.

Do you mean to say: It would flag quickly after the expiration? ergo: when the legitimate users comes back on the grid.

Yes, your 24 hour time frame is probably a good guess. Also, you'd be hard pressed to go off the grid in Seattle, or other developed areas. And if you go off grid (say you're going hiking in the NAN), your last reported place was the NAN Seattle boarder post. To show up 2 hours later in downtown Seattle might raise a few flags (depending on the severity of the check).

Oh, good point. I see a quality for the stolen SIN. Something like: Geographically remote, +1 limit to checking device.

Another might be Corporate Related, +1 limit if a Corp SIN is being checked by a different Corporation.

A Renraku security guard is probably going to grill another corp's SIN harder than a normal national SIN just because they assume corporate espionage by default.

Not sure if one should exclude KE/LS from this despite the fact they are corps in themselves since they form the majority of police forces the runners will run into, unless of course someone was trying to access their office territory with the SIN.
But on the other hand given all the grief they get from other corps when dealing with extraterritorial, they may take out that little bit of vengeance by giving the corp SIN that extra look over hoping for something while they got them on their turf.

Point of failure. His bank will know at least a small part of what he did inside the Pyramid, because everything in there that queries it for a transaction or credit check leaves traces on their end. Same with KE/LS, as each check of his criminal record leaves traces. Data does not exist in a vacuum, and communication is by its nature bidirectional.

Well, first of all, there's the real world analogy. Starting with SR4, the sixth world is largely a reflection of modern day, just forwarded a notch. All the information I've listed can be found today, if you want to put in the work to locate it.

Second, there's citations all over Shadowrun about this. Let's start with SR4.5:

So, the *system* can track every move you make. Not John Q. Decker, the system itself tracks every move you make, automatically.

There's also a citation on your datatrail:


So, your datatrail can easily be used to track you down. One more for good measure:


Now, you might be asking how easy it is to follow your datatrail. 4.5's rules is that it simply takes a Track action to locate you and all your information. I'm uncertain what 5e's rules are, but it is easy to track people, especially since Track is a common use program.

On top of that, there are numerous examples in the fiction of runners doing a quick check on a person, basically the equivalent of feeding them into Google. It won't reveal hidden information, but it might give them a starting point for future hacks. Also, the concept that people are collecting and selling "garbage" information also goes back to SR1-- the first fiction book, Into The Shadows, references a group called the Burakumin. They're basically info sifters, going through garbage data and selling whatever they think might be useful. In the story I'm referencing, they found what basically amounted to a cosmetic counter receipt, and almost completely unraveled a very high rating fake SIN.


I've given you multiple citations, so just one for now:


Now, you might be thinking that Joe User has to approve all that. True enough, *but* they can require you to transmit all that information to get permission to walk in the door. I've repeatedly cited the example of an A-security zone requiring everyone broadcast their SIN and related information. And they can demand all that and deny you entrance, or if they do let you in, they will eye you suspiciously. (That[s a reference to an example in a SR1 book, the Neo Anarchist's Guide to Real Life, which was written before the wireless matrix was implemented.


Current fluff says it's either carried on your commlink, or on a cloud server for backup. So, there's no special release from your doctor, they scan your commlink and SIN and get it. Docwagon being an ambulance company, they more than likely have an override.


I provided the quote earlier, but here's basically how it works:

Everywhere you go in the Matrix, you leave a trail. Every thing you do is logged and recorded somewhere, which means anyone can follow the trail. By using the Track action, they read the logs for everything you've done in the Matrix so far, and can trace it back to you. It follows you all the way back to your originating node, collecting your access ID along the way, and the list of everything you did while you were there. Since Track can follow you through many different nodes, just switching nodes won't be enough to hide yur datatrail.

First: if you're going to repeat a point, please just repeat the point. I don't want to have to sort through the huge long posts to figure out what you're referring to, please.

Second: with actual AI's handling the searching, you don't need one central index. You can send out feelers to lots of search engines, all of which can send out feelers to others, and so on. It's not an index anymore, its a network.

The fluff does not support you on that. They indicate that the information is either carried on your commlink (and broadcast as a requirement for entry into certain places) or carried on a cloud server for easy access, in case your commlink goes bad. I've already provided you with several citations to that effect.

I think you may be reading a little more into the section you quoted, than it supports. At least as I read it. I agree with you that the system is set up to log the presence and actions of your SIN or access ID automatically, and if you go looking for this log information, it is relatively easy to locate and browse through, in order to get a picture of where you've been, and what you've done. However, in my mind, there is a difference between the system being set up to log information and store it in a multitude of different systems and locations, and then having the "system" automatically go and combine the data into a collected file on you, located in one place, that effectively says where you went, and what you did there. It's possible to do, but I don't believe that the quoted part here supports that interpretation. "Can" does not equal "Will Do". And while AI's might be sentient, the "system" as a whole is not, as far as I know.

Also, what's the point of automatically collecting all this data and storing it in a single file? There isn't one, because of two things. 1) It's too easy to do on an ad hoc basis if needed. 2) There simply isn't any point in doing something like that for most people.

Cain, thanks so much for gathering all these quotes, very helpful!


Well, the technology is mostly stuff we have + some variable level of technological advancement. Society, government, the economy, these are all very different. My position is that many of the ways that 2075 differs from our world would make data harder to access for the general public. So, just because something is easily found today, doesn't mean that it will easy to find in 2075.


I'm afraid "the system" here is a little nebulous. I don't disagree that there is a great deal of data "out there". I argue that that data is not necessarily easy to find or easy to access. I was hoping for somewhat more concrete examples, examples of people being easily tracked and traced.


A difference between the quote you cited and your interpretation/summary of that quote: you've inserted the word "easily", and you've replaced the word "may" with "can". In doing this, you suggest that this quote supports your position more than it does mine, when this is not the case.

In the footnotes to my last post, post 177, I discussed ways that John Q. Hacker could in theory try to trace your movements back to the Renraku arcology, and could attempt to determine what you did there. I don't think that this is impossible for him to do, by any means. Our dispute is simply over whether this is easily done, done without risk.


This quote suggests that making all your transactions private and secure is as simple as getting an off-shore bank account. That part actually supports my position I think? Now, there is the statement that standard bank accounts are not kept private, but this is not a point of disagreement between us. As I've said previously, many times, in my posts 141 and 155 among others, I agree that most SINners in 2075 have no privacy. I'm sure their employers, at least, have very comprehensive information about them. That isn't the same as saying that every piece of information about them is easily accessible by the general public.


In 5e, if you can get 2 marks on someone, you can use Trace Icon¹ to get only their current physical location. Since 2 marks is a pretty high level of permissions, I assume that this works by basically asking, "Hey, commlink, where are you?" If it instead involves looking through other people's logs to find the commlink in question, I'm not sure why it would require marks on the commlink at all.

If Track works like you say it does in 4.5, making it simple and easy to legally get "you and all of your information", then that would seem to be a major mechanical difference between the editions. But, in a way, this makes sense, isn't the Matrix of 2075 supposed to be considerably more locked down and controlled than it had been before?


Man, examples like you're talking about in the first part of this paragraph would be great, this is just what I'm looking for. Not just the initial search, which you admit doesn't reveal any kind of "hidden" information, but then how they go from there to get more detailed info. Is it quick and easy and risk-free, like you seem to suggest? Or is it difficult and dangerous, like I think it would be? Examples of people actually doing it would be perfect for helping us figure this out.

The second part, with the "garbage" info, isn't really on point I don't think. What we're talking about is how you go from a SIN to get data about the person connected to that SIN. Sifting and analyzing data to eventually reveal interesting tidbits about random SINs is kinda going in the opposite direction, though it could present some interesting setting detail.


Wow, that quote kinda seems like a slam dunk for my argument, doesn't it? I asked you for evidence that given only a SIN, you can easily access someone's bank info or medical info, you responded with a quote that details how you need to explicitly ask someone to send you their bank info or medical info.

I mean, if all that data were easily accessible using just Joe User's SIN, then obviously they wouldn't need to ask him to send them the data, right? And why would Joe take the time to pull out a fiber optic cable and plug it in and transmit the data securely from his commlink to their terminal? If it's all easily accessible by anyone, why does Joe care?

I don't actually understand what you're arguing at this point? I mean, this just directly contradicts the stuff you were saying in post 49, doesn't it?


You've repeatedly cited an example where people are required to broadcast their SIN and related information, to get in the door someplace? Could you re-post it, or maybe give me a post number? I don't remember anything like that. What was the related information exactly? It was like bank account information and medical history and stuff that people were broadcasting?

Broader point, sure, the hospital requires you to verify your bank balance info before they'll treat you, yes it's a dystopia, etc. etc. That isn't the same as saying that this stuff is easily accessible by the general public. Again, if you look at the quote you provided on this, this just seems like spectacular reinforcement of my position. It's hard to imagine something that could better serve my argument.
-------------------------------------
1. Getting marks on someone illicitly is what I would consider difficult and dangerous. You have to have a cyberdeck to even attempt it (and look at the prices on those things), you (probably) have to get close to them, every time you do it there's a chance they'll know you're hacking them, you might accidentally give them marks on you, and in any case, you're starting the clock on Convergence, which is no fun.

Cool, that works too. I suggested that you might keep a copy of your medical records on your commlink in my example, you may have noticed. In any case, keeping it in a secure file on your commlink is very different from, "If you give someone your SIN, you give them your medical records." which is a paraphrase of your position as I understand it.

Not sure about any "override"; in the quote you provided, a hospital has to ask for you to transfer your medical records to them.


Yeah, I don't really know much about 4.5, but since I don't play it, this is really a question of essentially historical interest to me. There doesn't seem to be anything like your "Track" in 5e.


This is something of a minor side point, but if you'd like, I can try again to explain how search engines work?

They are not magic. They have automated crawlers that wander through the public web, and index what they find. These crawlers don't have the capability to break into any system that's secured in even a rudimentary way. (In 2015, you can simply post a sign saying, "Don't crawl this." and search engines will respect it.)

The crawlers collect information during these wanderings, which the search engine then compiles into a large central index, which is queried when a user attempts a search. But, and this is key, if something isn't publicly accessible, it will never be crawled and indexed in the first place.

You've suggested that perhaps search engines in 2075 will be different, and the crawlers in use then will hack into secured systems to gather confidential information which would then be incorporated into public indexes. I've attempted to explain why this is implausible a couple times, most recently in my post 172.

Assuming for the moment that no one releases an army of crawler/hacker bots onto the web to break into and index every system they can find, you have to accept that search engines will only include data visible to the general public. Since, I believe, the extent of this data will be quite limited in 2075, I don't feel that search engines will be a very good resource for digging up detailed information on people.

If you disagree, you can argue either, 1. Search engine crawlers will be hybrid crawler/hackers in 2075, or, 2. Lots of information about people will be publicly accessible and visible to anyone who would like to look at it. I haven't seen any remotely convincing arguments on either of these two points yet, but if you'd like, feel free to make an attempt. Hypotheses about multiple different search engines won't do any work for you though, I'm afraid.


I'm not sure what you're saying here? In my example, the Grab&Go app is loaded on your commlink, yes? In fact, the fundamental way that my mental model differs from yours is that I allow commlinks to do more of the work. From what I've read, you seem to generally jump to the conclusion that everything is always server-side, and you imagine a commlink as essentially a dumb transponder.

Like I said, you don't need a single file. You can hit five dozen search engines easily enough.


Actually, the opposite. It suggests that off-shore bank accounts and the like is considered a criminal activity, or at least suspicious. Definitely not something Joe Average would have; and while much more possible for Joe Shadowrunner, it's easier to use a fake SIN, as it's less suspicious.


Check me on this, because I'm weak on the 5e matrix, but isn't the whole point of hacking and marking that you *don't need* to get permissions?

Additionally, I looked a bit further. Track is used to locate someone's physical location. If you want info on a specific persona, I believe you use Matrix perception. If you want to search the whole Matrix for public information on someone, that's a Matrix Search action, with a Threshold of 1. That seems to represent a Google search, but adapting for 2070 computer technology.


That's a traditional part of any shadowrun, at least in my experience, although Sr4 was when it really became a big deal.

To answer your question, switching from "public" to "hidden" information does depend on the narrative requirements, but the public information provides a key to target the deep searches. So, in the example I gave, someone was looking for dirt on a woman, but didn't know where to look for evidence. By chance, someone got a hold of a cosmetics counter receipt, that included a pheromone-matched perfume sample. That was enough to connect the dots back to her previous identity-- not enough to prove it, but then further searches yielded more connections, which eventually became enough for a solid lock.

In practical terms, the decker starts with a general Matrix search, equivalent to feeding keywords into Google. They narrow it down to a couple promising leads, then do a search for detailed information. Off that, they pick one of two (ir any) targets for a full hacking run. How risk-free the data is depends on the target: Jane Dough's full information, even "hidden", will be less risky than trying to find Damien Knight's grocery list.


Point one: It makes it easier. And gives it a veneer of legality.

Point two: I have no idea what a fiber optic cable has to do with anything.

Point three: he doesn't. Joe Public, by and large, doesn't care about privacy in a world of bread and circuses.

Following the links back to past points hidden in large posts is getting bothersome. If you need to repeat a point, please repeat it.


Well, since I just made a big deal about reposting points instead of confusing cross-references, why not?
Example #3
Bitsy is walking down the street on the way to meet her ’warez dealer in one
of the nicer areas of town. She’s in hidden mode since she doesn’t want to
have to deal with the obnoxious new viral marketing campaign Horizon has
been spamming along the public thoroughfares. She’s lost in thought as she
walks, so she fails to notice the Lone Star drone overhead that scans her. The
drone drops a spotlight on her and announces via loudspeaker that she’s
“hiding” in public—a violation in this high-security sector. Bitsy instantly sets
to work finding the drone’s signal so she can hack in and deal with the pigs. As
she homes in on it and brute-force hacks past its firewall, the drone attempts
to get a read on her access ID and also runs a sensor scan on her face to feed
to a facial recognition program. Bitsy’s access ID is forged—for exactly this
sort of situation—but after she nukes the drone’s OS she decides to get out
of the area fast. Not only will the drone reboot itself soon, but a squad car
may show up quick with her mugshot in hand, transmitted by the drone back
to Lone Star’s dispatch before she could take it out.

Or:
Most users carefully control how much information they make
publicly available, but the law often requires certain core data be broadcast
in certain areas (SIN must be made available on UCAS federal
property and many corporate enclaves), or for certain data to be accessible
by security officers who attempt to access it with authorized security
codes. In high-security neighborhoods and traffic-heavy business
districts, it is common practice for police drones to scan the PANs of
random people on the street; those with something to hide are usually
assumed to be up to no good.
Now, what this says is that on certain property (which can be just a "nicer area of town"), you *must* broadcast your SIN and select other personal data, just to walk down the street. Also, on corporate-controlled areas, they can require you to broadcast any data they want you to, and it's legal. Ostensibly, it's "for security purposes", but it's still there for anyone to access.


I can't see anything more accessible than "broadcast to the world at large", and in some places that's exactly what you need to do.

I admit I'm weak on the SR5 mark rules, they're very confusing, but do you have a page reference saying that you must have a cyberdeck, or that it's dangerous? The one paragraph on marks I could find says the exact opposite:

Marks are routinely invited and given for normal, everyday,
legal use of various services. They act as keys, permission
slips, invitations, and account privileges on every
icon in the virtual world. For example, the Seattle Public
Library invites over 50,000 marks per day for its VR books,
films, trideos, and other items in its collection. While the
great percentage of mark traffic is legitimate, hackers try
to get marks illegally to facilitate their own plans.

Cain...
Granting (on the givers side)/Accepting (on the receivers side) Marks in SR5 is legal and easy.
Forcing a Mark is a Sleaze or Attack Action, is illegal, and requires a Cyberdeck. Comlinks do not have the capabilities to force a Mark on anything.

No, no, no. You keep coming back to this, and it's nowhere near my point.

My point is that there's a "staggering" amount of information on you out there, all public, all easily accessed if you spend the time to look for it. Your counter-point is that it isn't easy to access, because it''s not all filed in one place. But that doesn't matter, because you can search the *entire matrix* in less than a minute.

I don't need to "hack" anybody to get a basic level of information, today. In Shadowrun, with the total lack of privacy, there's going to be even more information with even less privacy concerns. I won't need to do a full shadowrun on Stuffer Shack to find out you like nuke-it Burritos, that's not information that would be secure.

You seem to be hung up on the idea that everyday information in Shadowrun is private. It is not. People are looking at your records all the time, today; and the shadowrun fluff indicates it's only worse.


No, the point is *there is no app for that*.

Your commlink has to broadcast your SIN, and in some cases, your financial information, just to go to the mall. Now, we could assume that your commlink is broadcasting every purchase you ever made, since second grade, to every store in the vicinity. Even with 2070 bandwith rules, that's not likely. So, more likely is that your commlink is broadcasting access to those files to any store nearby; or more likely, sending the keys to that info for anyone to look at.

You don't need a special app, this is just how business is done in 2070.

Okay, so a comm can't "force" a mark on someone... but if you ask them to accept one, say as part of a bunch of "Click here to see today's specials!" ads at the mall, it's basically as easy as that? Or, if the store you walk into says "Cookies required" (or whatever the term is in 2070), then they can get a mark on you easily?

The source asks and you accept. That is essentially all it takes.
But you are never forced to accept a Mark unless someone is hacking you.

I was generally under the impression that hosts would invite marks rather than asking you to accept a mark; the library example comes to mind.

I'm not sure that I understand your first question here. Marks represent a degree of control/ownership over an icon.

If you're discussing 5e, there is no "Track", as far as I'm aware. Presumably you mean "Trace Icon" is used to get a physical location? (Note that this requires marks.)

Matrix Perception will get you other information about an icon without requiring marks, but it won't get you any information that's hidden or protected. Users choose what information they want hidden or protected, and as far as I can tell, in 2075 it's considered totally normal and unremarkable to have lots of information hidden and protected on your commlink.

Matrix Search also doesn't require marks, and does look like the rough equivalent of a Google search. (It's legal and safe.) Guidelines on what information is available using Matrix Search are vague enough that I don't think we can use them to resolve our disagreement. (Though, they do specify that anything kept in a host that isn't publicly accessible can't be found with a general Matrix Search) (Also, they list time frames, and "search the whole Matrix in 1 minute" doesn't seem to be in the right ballpark.)


Yes, I assure you, I understand the principle. I was hoping for quotes with specific examples. I'm afraid, given what I've seen so far in this thread, I'm simply not ready to take your interpretations of example fiction at face value. If you don't care to dig up the quotes, though, that's quite all right.


Ah, so you stand by your post 49? Once they have Joe User's SIN, you still think they can use that alone to access his medical info, no problem? They merely ask him to transmit it as a kind of courtesy? Well, let no one doubt your commitment.


The quote discusses how someone might transmit responses to these requests (for bank info, medical info, etc.) in a secure way. They suggest that the data will naturally be encrypted, and might also, for security purposes, "be transmitted at a lower Signal rating, via a short-range, line-of-sight infrared beam connection, or by physically linking the commlink to a terminal and transmitting by fiberoptic cable."

Now, interesting question, if all this data is easily accessible by anyone, why would you bother doing all this? Again, is it merely a matter of appearances? There's a certain Old World charm to whipping out the old fiberoptic cable?

And when they explicitly say that people do this for security purposes, what do they actually mean?


As a practical matter, you haven't posted any of these examples in this thread, as far as I can tell, so it would be quite difficult for you to post links to them.

In any case, there seem to have been some changes made between 4e and 5e. Regarding Ms. Bitsy, in 5e, I'm not sure that they ever say that operating devices in hidden mode is illegal or prohibited anywhere. In any case, that example doesn't seem to speak to any point of disagreement between us.

Regarding your second example, it seems to be sadly a bit short of details regarding what exactly needs to be broadcast. As to the idea that anyone with something to hide is up to no good, if that was the case in 4.x, that's been explicitly changed for 5e. The default rule is for people to have protected folders on their commlink that they use to store things they want to keep private. And, "most people keep all of their files in a protected folder."


This has been well covered by others, but: You can choose to invite anyone you'd like to place a mark on you legitimately. Private citizens inviting others to mark them does not appear to be a common occurrence however. If someone wants to get a mark on you without your express invitation, they'll need to engage in Attack or Sleaze actions.

emphasis added
I'm sorry if I've stated my position in a confusing way. To clarify, my counter-point is that this information is not public. It is not easy to access, because the people that record and store it make it their business to prevent others from accessing it.

(It is also not easy to know which databases have information on people in the first place, but this is a consequence of that the fact that the information in the databases is protected. If it were not protected, it could be indexed by search engines, would therefore become very easy to locate.)


Not private, per se. But not public either. Stuffer Shack, and as a result, Aztechnology, knows that I enjoy Nuke-It burritos. If I work for Renraku and bank with Renraku Financial Services, I bet Renraku knows. But does Shiawase know that I enjoy Nuke-It burritos? Just by looking at my SIN, is it easy for John Q. Hacker to find out that I like Nuke-It burritos? This is where we disagree. You have not, as yet, produced any evidence that I'm wrong about this.


Why do you think this is the case?


I remain unconvinced that you broadcast any financial information of any kind while in the mall. The quote you provided suggests that if people want my financial information, they ask me for it, and I can choose to send it to them if I care to. Based on the quote, if I do decide to send it, I typically do so in a secure way.

Inviting you to accept and Asking you to Accept are, for all intents and purposes, the same thing.

Here, I think Redjack is getting at the fact that the library is the one Inviting Marks, so the library ends up getting marked by the patron.

The patron is not marked by the library. See the difference?

I don't know that there are any examples in the 5e corebook of users getting marked by hosts. (Other than hackers that fuck up hacking attempts.)

Ahh... thanks for clarification.
I was looking at it as the device Inviting the Mark. I Invite you to Mark the Library System is no different than me Asking you to Mark the Library System.